aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0

General

Target

aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
Size

94KB
MD5

6361c438da566fe6f33ff431d78abc95
SHA1

19e31583ea9fdebc0bc4a938fa45602eabd1a199
SHA256

aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0
SHA512

7421826850bc9ee45206e28774e1f9274bb228e8c74659edb205d8ab774a308f56a99f0372eeb25c2e582cbc5e56175e5d4b0fe0f0bf5d932b1435844d428324
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP761wewz8eE:6rWpcOPxPke+e3fFpsJOfFpsJbgEJRxE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5058) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\nio.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\te.pak.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8FR.LEX.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OART.DLL.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp	aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe

C:\Users\Admin\AppData\Local\Temp\aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe
"C:\Users\Admin\AppData\Local\Temp\aa00a06e91ac45970cd065eec849b989d811f604342b7486821531d6845ec4d0.exe"
1⤵
- Drops file in Program Files directory
PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp
Filesize
95KB

MD5
e1645764e24fefb5662379cdf51b6ca6

SHA1
451f6dd61e2629a2297dc7f551a6084d6e785668

SHA256
8897822b71bdeccadacc709b25e1736739d836c2f3fe192f41f96b5cee84f97a

SHA512
7b03fb0db74d944507225988fc4977126a83c99c05a9ec2664d15f0418ce0b1118c69ccf1e9d1c0d5aa2d5f35c91796366d4547340f6667bf61ee89b9bdfa927

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
193KB

MD5
44e26191acfc84bc88349437cb67b6c3

SHA1
af8b02692160cbb9dd4cbe008360a7f03a89ffdf

SHA256
2d7309e0233abaf3ffa6a7a9ccfb2baf5a8e4284fcd91b35a0a9aa32f208226d

SHA512
5ffbfb4478881a249fc93378fbc30a3bd7009d314ba61082a7c8e521a3642cff325c41af5ba71ebe248df9edb0820899bd3dfd65b1226b71a253d9fd6f031a3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads